CVE-2014-1303

Apple Safari 7.0.2 - Remote Code Execution via Heap-Based Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2014-1303. PoCs published by Ren Kimura, TJ Corley, RKX1209.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2014-1303, a WebKit heap-based buffer overflow vulnerability. It includes ROP chains and payload execution capabilities, ported to work on Linux (Ubuntu 14.04 with WebKitGTK 2.1.2).

Description

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

Exploits (3)

exploitdb WORKING POC
by Ren Kimura · locallinux
https://www.exploit-db.com/exploits/44204

This is a proof-of-concept exploit for CVE-2014-1303, a WebKit heap-based buffer overflow vulnerability. It includes ROP chains and payload execution capabilities, ported to work on Linux (Ubuntu 14.04 with WebKitGTK 2.1.2).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: WebKitGTK 2.1.2
No auth needed
Prerequisites: WebKitGTK 2.1.2 on Ubuntu 14.04 · Local web server to host exploit files
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by TJ Corley · localhardware
https://www.exploit-db.com/exploits/44200

This is a proof-of-concept exploit for CVE-2014-1303 targeting PS4 firmware < 2.50. It leverages DNS spoofing to trigger an info leak and ROP chain execution when the user navigates to the User's Guide page.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Sony PlayStation 4 firmware < 2.50
No auth needed
Prerequisites: DNS control · PS4 on vulnerable firmware · User interaction (navigate to User's Guide)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 24 stars
by RKX1209 · poc
https://github.com/RKX1209/CVE-2014-1303

This repository contains a proof-of-concept exploit for CVE-2014-1303, a WebKit heap-based buffer overflow vulnerability, ported to Linux (Ubuntu 14.04 with WebKitGTK 2.1.2). It includes ROP chains, a remote loader, and demonstrates code execution via a crafted HTML page.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: WebKitGTK 2.1.2
No auth needed
Prerequisites: WebKitGTK 2.1.2 on Linux · Python for serving the exploit · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT6537
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

Scores

EPSS 0.3478
EPSS Percentile 98.2%

Details

CWE
CWE-119
Status published
Products (1)
apple/safari 7.0.2
Published Mar 26, 2014
Tracked Since Feb 18, 2026